One presentation in 25c3 showed how they created a rogue certificate authority that looks like a trusted CA (with the help of 200 Playstation 3's to do the work) by exploiting collisions in MD5. Read more about it here